package com.shoux.api.web.controller;

import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

/**
 * Created with IntelliJ IDEA.
 * User: xiaoZhi
 * Date: 2022/3/30
 * Time: 15:30
 * Description: Spring框架JNDI注入漏洞 临时缓解措施
 */
@ControllerAdvice
@Order(10000)
class InitBinderController {
    @InitBinder
    public void setAllowedFields(WebDataBinder dataBinder) {
        String[] abd = new String[]{"class.*", "Class.*", "*.class.*", "*.Class.*"};
        dataBinder.setDisallowedFields(abd);
    }
}
